﻿using System;
using System.Data;
using System.Data.SqlClient;
using System.Diagnostics;
using SARS.Entity;
using SARS.Entity.Factory;

namespace SARS.DAO
{
    public class AuthenticateDAO : IAuthenticateDAO
    {
        private readonly SqlConnection _conn = new SqlConnection(Utils.SarConnectionString);
        private SqlCommand _cmd;
        private SqlDataReader _dr;

        public UserEntity ValidateUser(string userName, string passWord)
        {
            UserEntity user = null;

            // Check for invalid userName.
            // userName must not be null and must be between 1 and 15 characters.
            if ((string.IsNullOrEmpty(userName)) || (userName.Length > 50))
            {
                Trace.WriteLine("[ValidateUser] Input validation of userName failed.");
                return null;
            }

            // Check for invalid passWord.
            // passWord must not be null and must be between 1 and 25 characters.
            if ((string.IsNullOrEmpty(passWord)) || (passWord.Length > 50))
            {
                Trace.WriteLine("[ValidateUser] Input validation of passWord failed.");
                return null;
            }

            try
            {
                // Consult with your SQL Server administrator for an appropriate connection
                // string to use to connect to your local SQL Server.
                _conn.Open();

                // Create SqlCommand to select pwd field from users table given supplied userName.
                _cmd = new SqlCommand(
                    "SELECT * FROM [dbo].[Users] WHERE [Username]=@userName AND [Password]=@passWord", _conn);
                _cmd.Parameters.Add("@userName", SqlDbType.VarChar, 50);
                _cmd.Parameters["@userName"].Value = userName;
                _cmd.Parameters.Add("@passWord", SqlDbType.VarChar, 50);
                _cmd.Parameters["@passWord"].Value = passWord;

                _dr = _cmd.ExecuteReader(CommandBehavior.SingleRow);

                while (_dr.HasRows && _dr.Read())
                {
                    user = UserFactory.CreateUser((RoleType) Int32.Parse(_dr["UserRole"].ToString()));
                    user.UserID = Convert.ToInt32(_dr["UserID"].ToString());
                    user.FirstName = _dr["FirstName"].ToString();
                    user.LastName = _dr["LastName"].ToString();
                    user.DOB = DateTime.Parse(_dr["DOB"].ToString());
                    user.Username = _dr["Username"].ToString();
                    user.Picture = _dr["Picture"].ToString();
                    user.Address = _dr["Address"].ToString();
                    user.Phone = _dr["Phone"].ToString();
                    user.Email = _dr["Email"].ToString();
                    user.Status = Int32.Parse(_dr["Status"].ToString());
                }

                // Cleanup command and connection objects.
                _dr.Close();
                _cmd.Dispose();
                _conn.Close();
            }
            catch (Exception ex)
            {
                // Add error handling here for debugging.
                // This error message should not be sent back to the caller.
                Trace.WriteLine("[ValidateUser] Exception " + ex.Message);
            }
            finally
            {
                _conn.Close();
            }

            return user;
        }
    }
}